Windows Server 2003 SP1 upgrade



By: Steve Thompson
Posted On: 8/31/2005

The following is a guide to upgrading Windows Server 2003 to Service Pack 1, the potential impact on SMS 2003 SP1, and general troubleshooting steps for resolving issues with SMS 2003.

Before upgrading, check the Microsoft FAQ site http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/tfaq02.mspx for the latest information on Windows Server 2003 SP1. Questions answered there as of this writing:

Q. I would like to upgrade my site systems to Windows Server 2003 SP1. Are there any compatibility issues with SMS 2003 that I should know about first? (Updated May 15, 2005)

Q. I permitted unsecapp.exe and TCP port 135 through my firewall, but my SMS Administrator console running on Windows Server 2003 SP1 still cannot connect to the SMS site database. What should I do next? (Added January 31, 2005)


New with Windows Server 2003 SP1 is the Security Configuration Wizard (SCW). Incorrect use of the SCW may cause unpredictable behavior in SMS 2003. With regard to Windows Server 2003 SP1 and SMS 2003, Wally Mead (Microsoft) mentioned checking the FAQ above and added:

“When you run the SCW you will need to make sure that all applicable SMS roles (SMS site, CAP, MP, DP, etc.) are checked in order for them to work correctly. It will then open the necessary ports and other things for SMS to function properly. There is one area of confusion, which is around a remote SMS provider. SCW can’t properly detect it and there is a dependent service (remote WMI) which is also needed. We are working to update the FAQ with the details (and remove the references to “beta.”)”

After upgrading to Windows Server 2003 SP1, Mike Creech reported the following issues:

We found two additional problems. 1) The admin console would not connect to the site for users that were not administrators on the server. 2) Users with “read only rights” on a collection could install clients.

The first problem was fixed by one of my colleagues, Brian Anderson. We determined that WMI or DCOM was the source of the access problem. Through research and experimentation, Brian found the solution – it is a DCOM configuration.

a) Run the DCOM configuration tool, dcomcnfg.exe from the command line.
b) Under Component Services-Computers, locate My Computer.
c) Right click and choose Properties.
d) Select the COM Security tab.
e) Click “Edit Limits” in the Launch and Activation Permissions box.
f) Add the local SMS Admins group, then allow this group permissions to “Remote Activation”.

The second problem is discussed in Microsoft’s KB article 843362. The hotfix must be obtained from your PSS and you should specify RTM or SP1 of SMS 2003.


Rob Stack reported the following issue; he installed an SMS remote child site and the Management Point (MP) failed to initialize:

“I've recently installed a remote child site (which is W2K3 SP1) and am receiving an error when the MP tries to install (whether manually or remotely). I have set the server roles (I think) correctly, and the rest of the site is functioning OK. There seems to be very little on the web regarding this error and uninstalling/reinstalling IIS does not solve the problem.

Finally, the MP troubleshooter shows no problems.”

Note: mpsetup.log returned error code 1603

Jan Burke reported that:

“When I had this error the problem was the SMS client installed on the server prior to the MP install and registry entries were preventing the MP from installing.”

Jan summarized her solution (which solved Rob’s reported issue BTW) as:

“This happened to four of my 28 secondaries. It actually started with a bad IIS install on 4 new remote servers with bad IIS user accounts. The entire event involved uninstalling IIS and deleting the IIS accounts IUSR & IWAM from the machine then reinstalling IIS which created good accounts. However at that point still no MP would install.

That is where the SMS client came into play. The client had installed fine but it had installed prior to installing my MP. As it turns out the installation of the client prevented the MP from installing.

The steps were taken as I wrote them to finally resolve the issue.

uninstalled MP from Secondary in console (wasn't working anyway)
Ran ccmclean /MP
Ran ccmclean /ALL
Installed MP back

Shazam..............they started smokin........

This was a 4 week drama with PM intervention; nothing I care to repeat but I searched lists and the net and never found this resolution posted anywhere.

My MP Troubleshooter indicated errors "can not create Active X component" and one other which I can't remember right now (still trying to forget that nightmare)

I do not see how the MP requires a SMS client as I don't have clients installed on my Domain Controllers and they are still MPs for my sites.

I concluded that the client cannot install before the MP role is assigned or there will (or maybe 'could') be issues. I actually tested this on two servers waiting to be deployed and found the same issue with the client. In those two cases IIS was fine on those servers but the client had installed prior to installing the secondary site and a MP. They were in the holding area being configured and, of course, SMS client found them and installed. I installed a secondary (went fine) but my MP would not install until I ran the above sequence.

To get the advanced client to install back on the servers I did a push from the console. None of them installed automatically after the manual removal. But they are all fine now.”

~~ Update 8/31/05 ~~

From Richard Wright -- Reporting Users having failures in connecting to web reports:

I discovered another SMS issue after upgrading to W2K3 SP1. A lot of my PC support people started complaining that they couldn't view SMS reports anymore. After doing some research, I found the following solution.

1. Go to Start | Run and type dcomcnfg.exe
2. Drill down to Component Services | Computers | My Computer | DCOM Config
3. Right click SMS_REPORTING_POINT and click properties.

4. Click on the security tab and choose Customize under the Launch and Activation Permissions. Then click Edit.

5. Add SMS Reporting Users and give them (enable) the following permissions
a. Local Launch
b. Remote Launch
c. Local Activation
d. Remote Activation
[Steve T] Note: may only need options 5.b and 5.d, test to confirm.

6. Click OK twice and close dcomcnfg
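
The two DCOM fixes above (Remote Activation for the local SMS Admins group under "Edit Limits", and launch/activation rights for SMS Reporting Users on SMS_REPORTING_POINT) can be audited from the registry after the change. The script below is an added example, not part of the original article; it assumes PowerShell is available on the server and that the AppID key's default value matches the name dcomcnfg displays.

```powershell
# Added example: list who holds DCOM launch/activation rights after the changes above.
# COM_RIGHTS_* bit values from the Windows SDK, named as dcomcnfg labels them.
$ComRights = @(
    @{ Bit = 0x02; Name = 'Local Launch' },
    @{ Bit = 0x04; Name = 'Remote Launch' },
    @{ Bit = 0x08; Name = 'Local Activation' },
    @{ Bit = 0x10; Name = 'Remote Activation' }
)

function ConvertFrom-ComSecurityDescriptor {
    param([string]$Source, [byte[]]$Bytes)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }          # unresolvable SID: report it raw
        $mask  = $ace.AccessMask
        $names = $ComRights | Where-Object { $mask -band $_.Bit } | ForEach-Object { $_.Name }
        New-Object PSObject -Property @{
            Source    = $Source
            Principal = $who
            AceType   = $ace.AceType         # AccessAllowed or AccessDenied
            Rights    = ($names -join ', ')
        }
    }
}

$report = @()

# Machine-wide limits ("Edit Limits" on the COM Security tab).
$ole = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole'
if ($ole.MachineLaunchRestriction) {
    $report += ConvertFrom-ComSecurityDescriptor 'Machine launch limits' $ole.MachineLaunchRestriction
}

# Per-application launch permission for the reporting point.
# Assumption: the AppID key's default value is the name dcomcnfg displays.
$app = Get-ChildItem 'HKLM:\SOFTWARE\Classes\AppID' |
    Where-Object { $_.GetValue('') -eq 'SMS_REPORTING_POINT' } | Select-Object -First 1
if ($app -and $app.GetValue('LaunchPermission')) {
    $report += ConvertFrom-ComSecurityDescriptor 'SMS_REPORTING_POINT' $app.GetValue('LaunchPermission')
}

$report | Format-Table Source, Principal, AceType, Rights -AutoSize
```

Comparing the Rights column against the note on step 5 shows whether a group was given more than Remote Launch and Remote Activation.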


There have been reports of the Windows Server 2003 SP1 upgrade causing failures when the Management Point is on a server separate from the SMS Site server.

From Zubair Rajah
“I upgraded one of my MPs to w2k3 SP1, my MP and Site server are 2 separate servers. After the upgrade on the MP server, I started getting "error 997: Overlapped I/O operation in progress" on the site server. The MP was servicing clients, just that the Site server could not access the necessary registry keys. I then uninstalled SP1 and the problem disappeared. Did some poking around and couldn't find anything helpful, I contacted MS who said that this is a known issue, the workaround is to upgrade both site server and MP to w2k3 SP1.

I then upgraded both servers to w2k3 SP1, problem appeared again. Spoke to MS again, they say that their DEV team is working on a fix for this. Seems like the system account does not have the necessary rights to access the remote MP registry, although each machine's account is in each other's local admin group.”

Update a couple of days later:

“Seems like after w2k3 SP1, connections to the registry of a remote computer are made in anonymous security context, prior to SP1 this connection was done in the security context of the computer account credentials. You will not experience this issue if you have SMS running with a service account.

The good news is, I just received the fix, KB906570 (not sure if it is posted yet, you probably will have to speak to your TAM to get it).”

Zubair later reported that this hotfix did resolve his issue. In my own investigation with Microsoft, I’ve been told that if both the SMS site server and the MP are upgraded to SP1 at the same time, this issue should not surface. On 8/29/05 I updated 12 SMS servers to Server 2003 SP1; 4 of these servers had MPs separate from the site server, running in advanced security mode. I did find that each of the SMS site servers required the DCOM permission revision (above) to allow SMS administrators who were not server administrators to connect via the SMS MMC. However, I did not see the issue mitigated by 906570 -- this may be a situation of “your mileage may vary”.


Note: This document is a compilation of information from multiple sources, and where possible credit is given to the source. Let me know if you encounter any issue not documented here.
